CHANGELOG.md

Change Log

v1.5.6 (2016-09-19)

Full Changelog

Fixed bugs:

• Fix missing symbol handling in aud verify code #166 (excpt)

Merged pull requests:

• Fix rubocop code smells #167 (excpt)

v1.5.5 (2016-09-16)

Full Changelog

Implemented enhancements:

• JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the exp parameter #148

Fixed bugs:

• expiration check does not give "Signature has expired" error for the exact time of expiration #157
• JTI claim broken? #152
• Audience Claim broken? #151
• 1.5.3 breaks compatibility with 1.5.2 #133
• Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such #132
• Fix: exp claim check #161 (excpt)

Closed issues:

• Rendering Json Results in JWT::DecodeError #162
• PHP Libraries #154
• [security] Signature verified after expiration/sub/iss checks #153
• Is ruby-jwt thread-safe? #150
• JWT 1.5.3 #143
• gem install v 1.5.3 returns error #141
• Adding a CHANGELOG #140

Merged pull requests:

• Bump version #165 (excpt)
• Improve error message for exp claim in payload #164 (excpt)
• Fix #151 and code refactoring #163 (excpt)
• Signature validation before claim verification #160 (excpt)
• Create specs for README.md examples #159 (excpt)
• Tiny Readme Improvement #156 (b264)
• Added test execution to Rakefile #147 (jabbrwcky)
• Add more bling bling to the site #146 (excpt)
• Bump version #145 (excpt)
• Add first content and basic layout #144 (excpt)
• Add a changelog file #142 (excpt)
• Return decoded_segments #139 (akostrikov)

v1.5.4 (2016-03-24)

Full Changelog

Closed issues:

• 404 at https://rubygems.global.ssl.fastly.net/gems/jwt-1.5.3.gem #137

Merged pull requests:

• Update README.md #138 (excpt)
• Fix base64url_decode #136 (excpt)
• Fix ruby 1.9.3 compatibility #135 (excpt)
• iat can be a float value #134 (llimllib)

v1.5.3 (2016-02-24)

Full Changelog

Implemented enhancements:

• Refactor obsolete code for ruby 1.8 support #120
• Fix "Rubocop/Metrics/CyclomaticComplexity" issue in lib/jwt.rb #106
• Fix "Rubocop/Metrics/CyclomaticComplexity" issue in lib/jwt.rb #105
• Allow a proc to be passed for JTI verification #126 (yahooguntu)
• Relax restrictions on "jti" claim verification #113 (lwe)

Closed issues:

• Verifications not functioning in latest release #128
• Base64 is generating invalid length base64 strings - cross language interop #127
• Digest::Digest is deprecated; use Digest #119
• verify_rsa no method 'verify' for class String #115
• Add a changelog #111

Merged pull requests:

• Drop ruby 1.9.3 support #131 (excpt)
• Allow string hash keys in validation configurations #130 (tpickett66)
• Add ruby 2.3.0 for travis ci testing #123 (excpt)
• Remove obsolete json code #122 (excpt)
• Add fancy badges to README.md #118 (excpt)
• Refactor decode and verify functionality #117 (excpt)
• Drop echoe dependency for gem releases #116 (excpt)
• Updated readme for iss/aud options #114 (ryanmcilmoyl)
• Fix error misspelling #112 (kat3kasper)

jwt-1.5.2 (2015-10-27)

Full Changelog

Implemented enhancements:

• Must we specify algorithm when calling decode to avoid vulnerabilities? #107
• Code review: Rspec test refactoring #85 (excpt)

Fixed bugs:

• aud verifies if aud is passed in, :sub does not #102
• iat check does not use leeway so nbf could pass, but iat fail #83

Closed issues:

• Test ticket from Code Climate #104
• Test ticket from Code Climate #100
• Is it possible to decode the payload without validating the signature? #97
• What is audience? #96
• Options hash uses both symbols and strings as keys. #95

Merged pull requests:

• Fix incorrect iat examples #109 (kjwierenga)
• Update docs to include instructions for the algorithm parameter. #108 (aarongray)
• make sure :sub check behaves like :aud check #103 (skippy)
• Change hash syntax #101 (excpt)
• Include LICENSE and README.md in gem #99 (bkeepers)
• Remove unused variable in the sample code. #98 (hypermkt)
• Fix iat claim example #94 (larrylv)
• Fix wrong description in README.md #93 (larrylv)
• JWT and JWA are now RFC. #92 (aj-michael)
• Update README.md #91 (nsarno)
• Fix missing verify parameter in docs #90 (ernie)
• Iat check uses leeway. #89 (aj-michael)
• nbf check allows exact time matches. #88 (aj-michael)

jwt-1.5.1 (2015-06-22)

Full Changelog

Implemented enhancements:

• Fix either README or source code #78
• Validate against draft 20 #38

Fixed bugs:

• ECDSA signature verification fails for valid tokens #84
• Shouldn't verification of additional claims, like iss, aud etc. be enforced when in options? #81
• Fix either README or source code #78
• decode fails with 'none' algorithm and verify #75

Closed issues:

• Doc mismatch: uninitialized constant JWT::ExpiredSignature #79
• TypeError when specifying a wrong algorithm #77
• jti verification doesn't prevent replays #73

Merged pull requests:

• Correctly sign ECDSA JWTs #87 (jurriaan)
• fixed results of decoded tokens in readme #86 (piscolomo)
• Force verification of "iss" and "aud" claims #82 (lwe)

jwt-1.5.0 (2015-05-09)

Full Changelog

Implemented enhancements:

• Needs to support asymmetric key signatures over shared secrets #46
• Implement Elliptic Curve Crypto Signatures #74 (jtdowney)
• Add an option to verify the signature on decode #71 (javawizard)

Closed issues:

• Check JWT vulnerability #76

Merged pull requests:

• Fixed some examples to make them copy-pastable #72 (jer)

jwt-1.4.1 (2015-03-12)

Full Changelog

Fixed bugs:

• jti verification not working per the spec #68
• Verify ISS should be off by default #66

Merged pull requests:

• Fix #66 #68 #69 (excpt)
• When throwing errors, mention expected/received values #65 (rolodato)

jwt-1.4.0 (2015-03-10)

Full Changelog

Closed issues:

• The behavior using 'json' differs from 'multi_json' #41

Merged pull requests:

• Release 1.4.0 #64 (excpt)
• Update README.md and remove dead code #63 (excpt)
• Add 'iat/ aud/ sub/ jti' support for ruby-jwt #62 (ZhangHanDong)
• Add 'iss' support for ruby-jwt #61 (ZhangHanDong)
• Clarify .encode API in README #60 (jbodah)

jwt-1.3.0 (2015-02-24)

Full Changelog

Closed issues:

• Signature Verification to Return Verification Error rather than decode error #57
• Incorrect readme for leeway #55
• What is the reason behind stripping the = in base64 encoding? #54
• Preperations for version 2.x #50
• Release a new version #47
• Catch up for ActiveWhatever 4.1.1 series #40

Merged pull requests:

• raise verification error for signiture verification #58 (punkle)
• Added support for not before claim verification #56 (punkle)
• Preperations for version 2.x #49 (excpt)

jwt-1.2.1 (2015-01-22)

Full Changelog

Closed issues:

• JWT.encode({"exp": 10}, "secret") #52
• JWT.encode({"exp": 10}, "secret") #51

Merged pull requests:

• Accept expiration claims as string #53 (yarmand)

jwt-1.2.0 (2014-11-24)

Full Changelog

Closed issues:

• set token to expire #42

Merged pull requests:

• Added support for exp claim #45 (zshannon)
• rspec 3 breaks passing tests #44 (zshannon)

jwt-0.1.13 (2014-05-08)

Full Changelog

Closed issues:

• yanking of version 0.1.12 causes issues #39
• Semantic versioning #37
• Update gem to get latest changes #36

jwt-1.0.0 (2014-05-07)

Full Changelog

Closed issues:

• API request - JWT::decoded_header() #26

Merged pull requests:

• return header along with playload after decoding #35 (sawyerzhang)
• Raise JWT::DecodeError on nil token #34 (tjmw)
• Make MultiJson optional for Ruby 1.9+ #33 (petergoldstein)
• Allow access to header and payload without signature verification #32 (petergoldstein)
• Update specs to use RSpec 3.0.x syntax #31 (petergoldstein)
• Travis - Add Ruby 2.0.0, 2.1.0, Rubinius #30 (petergoldstein)

jwt-0.1.11 (2014-01-17)

Full Changelog

Closed issues:

• url safe encode and decode #28
• Release #27

Merged pull requests:

• fixed urlsafe base64 encoding #29 (tobscher)

jwt-0.1.10 (2014-01-10)

Full Changelog

Closed issues:

• change to signature of JWT.decode method #14

Merged pull requests:

• Fix warning: assigned but unused variable - e #25 (sferik)
• Echoe doesn't define a license= method #24 (sferik)
• Use OpenSSL::Digest instead of deprecated OpenSSL::Digest::Digest #23 (JuanitoFatas)
• Handle some invalid JWTs #22 (steved)
• Add MIT license to gemspec #21 (nycvotes-dev)
• Tweaks and improvements #20 (threedaymonk)
• Don't leave errors in OpenSSL.errors when there is a decoding error. #19 (lowellk)

jwt-0.1.8 (2013-03-14)

Full Changelog

Merged pull requests:

• Contrib and update #18 (threedaymonk)
• Verify if verify is truthy (not just true) #17 (threedaymonk)

jwt-0.1.7 (2013-03-07)

Full Changelog

Merged pull requests:

• Catch MultiJson::LoadError and reraise as JWT::DecodeError #16 (rwygand)

jwt-0.1.6 (2013-03-05)

Full Changelog

Merged pull requests:

• Fixes a theoretical timing attack #15 (mgates)
• Use StandardError as parent for DecodeError #13 (Oscil8)

jwt-0.1.5 (2012-07-20)

Full Changelog

Closed issues:

• Unable to specify signature header fields #7

Merged pull requests:

• MultiJson dependency uses ~> but should be >= #12 (sporkmonger)
• Oops. :-) #11 (sporkmonger)
• Fix issue with signature verification in JRuby #10 (sporkmonger)
• Depend on MultiJson #9 (lautis)
• Allow for custom headers on encode and decode #8 (dgrijalva)
• Missing development dependency for echoe gem. #6 (sporkmonger)

jwt-0.1.4 (2011-11-11)

Full Changelog

Merged pull requests:

• Fix for RSA verification #5 (jordan-brough)

jwt-0.1.3 (2011-06-30)

Closed issues:

• signatures calculated incorrectly (hexdigest instead of digest) #1

Merged pull requests:

• Bumped a version and added a .gemspec using rake build_gemspec #3 (zhitomirskiyi)
• Added RSA support #2 (zhitomirskiyi)

* This Change Log was automatically generated by github_changelog_generator